CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited

CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed ...
CSO Online

Two-year old Oracle WebLogic Server vulnerability is being exploited

Its inclusion in the US CISA catalog of known exploited vulnerabilities is a warning to admins that patching is needed now.
PC World

Windows 11’s File Explorer is finally fixing an annoying file size quirk

PCWorld reports that Microsoft is restoring the missing ‘Refresh’ and ‘Print’ options to Windows 11 File Explorer’s right-click context menu after user complaints. These essential features are ...
Ars Technica

Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”

The disbelief was palpable when Mozilla’s CTO last month declared that AI-assisted vulnerability detection meant “zero-days are numbered” and “defenders finally have a chance to win, decisively.” ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
CSOonline

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing Secure Mode protections. Security researchers have revealed a prompt ...
VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
Women's Health

Which Is Better: The Weight Loss Pill or Injection?

While GLP-1 weight loss meds have been a mainstay in pop culture for a few years now, they're potentially about to get even more widespread. Formerly only available as an injection, Wegovy recently ...
TechRepublic

Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files

Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites. A security flaw in Perplexity’s AI-powered Comet browser ...
ZDNet

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

As AI adoption speeds ahead, major security flaws remain unsolved. Users and businesses should stay up to date on vulnerabilities. These four major issues still plague AI integration. AI systems are ...
Psychology Today

Vulnerability Without Self-Trust Isn’t Courage

Over the past decade, vulnerability has become one of the most celebrated leadership virtues. We’ve collectively learned that sharing more builds trust, openness equals authenticity, and that the ...